Hi everybody!
I'm having some questions regarding H.460.18/19. I have the following
scenario:
: +---------------+
: | VC-Endpoint#1 |
: | H323id: 4711 |
: +------+--------+
: |eth0:192.168.1.140
: |
: |
: | <- Standard GK-Registration
: | to 192.168.1.1
: |
: |
: |eth1:192.168.1.1
: +--------+---------------+
: | LinuxFW using iptables |
: | GnuGK 2.3.1 listening | <- I'll call it "GnuGK/FW" below
: | on eth0 and eth1 |
: +--------+---------------+
: |eth0:78.x.x.x
: |
: |
: |
: .----..----..----.
: ( )
: : INTERNET :
: ( )
: '----''----''----'
: |
: |
: |
: |eth0:85.x.x.x
: +--------+---------------+
: | LinuxFW using iptables |
: +--------+---------------+
: |eth1:192.168.1.1
: |
: |
: | <- GK-Registration to
: | 78.x.x.x using H.460.18
: |
: |
: |eth0:192.168.1.140
: +------+--------+
: | VC-Endpoint#2 |
: | H323id: 4712 |
: +---------------+
And that's my tiny config:
[Gatekeeper::Main]
Fortytwo=42
TimeToLive=600
StatusPort=7000
[RoutedMode]
GKRouted=1
H245Routed=1
CallSignalPort=1721
EnableH46018=1
[GkStatus::Auth]
rule=allow
First question: Do I need "H245Routed=1" for my scenario?
Telneting on my GnuGK at port 7000 confirms, that both endpoints are
registered and one of them by using H.460.18... at least that's the
output of "rv". What's a little confusing for me is, that "s" tells me,
that I have 2 registered endpoints, but none of them is NATed. So, dees
NAT in this context refer just to the GnuGK-firewall-traversal-approach?
Anyway, registering using H.460 works fine... as soon as I open port
1719 on the GnuGK/FW. Calling 4712 from 4711 and vice-versa works as
well... as soon as I allow incoming traffic to the GnuGK/FW coming from
85.x.x.x. From the internal side - Intranet - all incoming traffic is
allowed by default. I know that I could reach the same goal by opening
just the related ports/ranges for the external IP, but just for testing
with known counterparts, this approach is fine for me. As a result, the
established call will use some dynamic ports out of the specified ranges
for RTP traffic.... and that's the point where I have some questions:
I know of commercial firewall-traversal solutions, also relying on
H.460.18/19, which manage to do the whole thing by opening only 3 ports
to the internet:
o) 1719 UDP - H.460.18 RAS, needed to register on the GK
O) 2776 TCP - H.460.18 call signaling, needed to initiate the call
o) 2777 UDP - H.460.19 multiplex media control channel
TCP - H.460.18 call control
So, I wonder if this would also be possible with the GnuGK? For example,
I didn't find any directive to configure H.460.19 multiplexing for
GnuGK...?!? Any ideas?
Thx a lot in advance!
Cheers,
Andy
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________________
Posting: mailto:[email protected]
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/
